CVSS: 9.3EPSS: 95%CPEs: 27EXPL: 0CVE-2012-0171
https://notcve.org/view.php?id=CVE-2012-0171
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota SelectAll". • http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 7%CPEs: 27EXPL: 0CVE-2012-0168
https://notcve.org/view.php?id=CVE-2012-0168
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." Microsoft Internet Explorer 6 hasta la versión 9 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un documento HTML modificado que no es apropiadamente manejado durante una operación de impresión "Print table of links". También conocida como "vulnerabilidad de ejecución de código remota de la funcionalidad Print". • http://osvdb.org/81126 http://www.securitytracker.com/id?1026901 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 62%CPEs: 7EXPL: 0CVE-2012-0169
https://notcve.org/view.php?id=CVE-2012-0169
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." Microsoft Internet Explorer 9 no maneja apropiadamente objetos en memoria, lo que permite a atacantes remotos ejecutar código arbitrario accediendo a un objeto borrado. También conocida como "vulnerabilidad de ejecución de código remota JScript9". • http://osvdb.org/81127 http://www.securityfocus.com/bid/52902 http://www.securitytracker.com/id?1026901 http://www.us-cert.gov/cas/techalerts/TA12-101A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/74380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15611 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 0CVE-2012-0155 – Microsoft Internet Explorer VML CDispScroller Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0155
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." Microsoft Internet Explorer 9 no maneja correctamente objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos eliminados, también conocido como "VML Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. • http://www.us-cert.gov/cas/techalerts/TA12-045A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14781 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 96%CPEs: 23EXPL: 0CVE-2012-0011 – Microsoft Internet Explorer CDispNode t:MEDIA Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0011
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." Microsoft Internet Explorer v7 hasta v9, no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar código de su elección accediendo a objetos borrados, también conocido como "HTML Layout Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. • http://www.us-cert.gov/cas/techalerts/TA12-045A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14310 • CWE-94: Improper Control of Generation of Code ('Code Injection') •